PH joins APEC network of privacy enforcement authorities

Flag of the Philippines (WIKIMEDIA COMMONS, PUBLIC DOMAIN)

MANILA— The Philippines has joined the Asia Pacific Economic Cooperation (APEC) Cross-Border Privacy Enforcement Arrangement (CPEA), becoming the eleventh Privacy Enforcement Authority (PEA) of the network.

Through the National Privacy Commission (NPC), the Philippines joined other APEC economies in the network such as Australia, Canada, Hong Kong, Japan, Mexico, New Zealand, South Korea, and the United States in the CPEA.

The network is under the Cross-Border Privacy Rules (CBPR) System, a regional, multilateral initiative that facilitates information sharing, provides mechanisms to promote effective cross-border privacy cooperation, and encourages information sharing and cooperation with authorities outside the 21 APEC- member economies.

“The CBPR System enables Philippine-based companies to get their data privacy and protection systems certified with a local Accountability Agent. This would allow them to freely transfer data to all CBPR-participating countries,” Privacy Commissioner and Chairman Raymund Enriquez Liboro said in a briefing Tuesday, on the sidelines of the APEC-CBPR Workshop here.

“For businesses, this would mean less hassle as certification would amount to meeting the privacy requirements of each member-country in the system,” Liboro added.

The NPC chief noted that joining the CPEA also opened opportunities for the Philippine government to cooperate with other countries on information sharing and help resolve issues and cases concerning data privacy.

For instance, the country’s accession to CPEA will provide different channels for NPC to access information that will help resolve the issue of Uber’s data breach in 2016, in which personal information of Filipinos were exposed in the data breach.

“We’re using the network of our partners in CPEA,” Liboro said, noting how the Philippines would benefit in joining the CPEA.

Meanwhile, Liboro said the NPC is drafting a compliance order for Uber management as the agency gathers more information on the data breach issue.

Uber is facing multiple law suits in US and United Kingdom the company revealed that hackers stole data of millions of passengers and drivers in Ocober 2016. Instead of warning consumers about the breach, the company paid the hackers to stay quiet.